superkojiman wrote:If you're looking for a book, Hacking: The Art of Exploitation is an excellent one that covers exploitation of Linux programs in C. You'll also find numerous exploitation tutorials on Google.

Hey superkojiman, I've bought the book, it's great man, great!! It even teaches the C programming language to the audience!! Thanks again.

Cyber.spirit wrote:Well, I don't know assembly so it is not useful for me

You're going to need to learn it then. Just because an exploit is written in C, Python, Perl, Ruby, etc., doesn't mean that assembly isn't involved. More often than not, those are just the delivery mechanism for the exploit. You're going to have to get comfortable working in a debugger and understanding assembly. There's no way around it.

So true. I said I have no time to learn assembly for now. I just wanna learn to write some exploits with C, then after a while I am going to learn assembly. It's better for me; at least I can write exploits with C.

An exploit has two parts: there is a dropper/delivery program that can be written in C, Python, etc. That is not complicated to write. The real trick is finding the vulnerability, figuring out how to exploit it and developing the shell code. You won't be able to do much without learning some assembly. Without it, you can't customize shell code, debug using gdb/IDA/Olly, or use any non-trivial exploitation technique (e.g. return-into-libc).

So you wanna say most, or it's better to say all, of exploits are in assembly?

OK, if you say, I accept, because I have no experience with exploitation. But I bought Hacking AOE; it teaches the programming part all in C and a little bit of assembly (however, idk exactly because I didn't read it, I just read the table of contents), but if I am right, tell me why it doesn't teach assembly instead of C; it's harder, it needs more time.

Thanks for your help

Last edited by cyber.spirit on Mon Feb 04, 2013 4:48 pm, edited 1 time in total.

What you really need is to understand how operating systems work, and learning a bit of assembly will help you a lot in understanding the registries, the stack, etc. And again, you really don't need to be good at assembly. Just write a few programs and you will be fine.

For the rest, C, Python, Ruby, Perl, etc. are, like ajohnson said, only there to help you deliver your shellcode.